From 2a502ff31031622d983db9846d15682c368f8801 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 Aug 2004 19:52:32 +1000 Subject: - (dtucker) [Makefile.in] Get regress/Makefile symlink right for out-of-tree builds too, from vinschen at redhat.com. --- Makefile.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Makefile.in') diff --git a/Makefile.in b/Makefile.in index a603609ae..ded7b9372 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.263 2004/08/15 11:01:37 dtucker Exp $ +# $Id: Makefile.in,v 1.264 2004/08/29 09:52:32 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -376,7 +376,7 @@ tests: $(TARGETS) BUILDDIR=`pwd`; \ [ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \ [ -f `pwd`/regress/Makefile ] || \ - ln -s $(srcdir)/regress/Makefile `pwd`/regress/Makefile ; \ + ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile ; \ TEST_SHELL="@TEST_SHELL@"; \ TEST_SSH_SSH="$${BUILDDIR}/ssh"; \ TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \ -- cgit v1.2.3 From 25a1234ef71c48e52e1aa43e8af37d1261aaf937 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 30 Aug 2004 21:33:02 +1000 Subject: - (dtucker) [Makefile.in contrib/ssh-copy-id] Bug #894: Improve portability of shell constructs. Patch from cjwatson at debian.org. --- ChangeLog | 4 +++- Makefile.in | 6 +++--- contrib/ssh-copy-id | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) (limited to 'Makefile.in') diff --git a/ChangeLog b/ChangeLog index c302eef95..ffabb0510 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,8 @@ redhat.com, ok djm@ - (dtucker) [regress/Makefile] Clean scp-ssh-wrapper.scp too. Patch from vinschen at redhat.com. + - (dtucker) [Makefile.in contrib/ssh-copy-id] Bug #894: Improve portability + of shell constructs. Patch from cjwatson at debian.org. 20040829 - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from @@ -1714,4 +1716,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3538 2004/08/30 11:13:49 dtucker Exp $ +$Id: ChangeLog,v 1.3539 2004/08/30 11:33:02 dtucker Exp $ diff --git a/Makefile.in b/Makefile.in index ded7b9372..db9eb34ab 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.264 2004/08/29 09:52:32 dtucker Exp $ +# $Id: Makefile.in,v 1.265 2004/08/30 11:33:02 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -292,7 +292,7 @@ install-files: scard-install else \ echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \ fi - @if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ + @if [ -f ssh_prng_cmds ] && [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \ $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \ else \ @@ -406,7 +406,7 @@ tests: $(TARGETS) $@ regressclean: - if [ -f regress/Makefile -a -r regress/Makefile ]; then \ + if [ -f regress/Makefile ] && [ -r regress/Makefile ]; then \ (cd regress && $(MAKE) clean) \ fi diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id index a1c0a9234..1555b5d37 100644 --- a/contrib/ssh-copy-id +++ b/contrib/ssh-copy-id @@ -24,7 +24,7 @@ else fi fi -if [ -z "`eval $GET_ID`" -a -r "${ID_FILE}" ] ; then +if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then GET_ID="cat ${ID_FILE}" fi -- cgit v1.2.3 From 16bcc1c92e6baa0a32efe105c58b6d6242331d10 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 7 Nov 2004 20:14:34 +1100 Subject: - (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure option and supporting makefile bits and documentation. --- ChangeLog | 4 +++- INSTALL | 10 +++++++++- Makefile.in | 5 +++-- configure.ac | 19 ++++++++++++++++++- 4 files changed, 33 insertions(+), 5 deletions(-) (limited to 'Makefile.in') diff --git a/ChangeLog b/ChangeLog index fe96f8d0c..48b1aa4ee 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,8 @@ [clientloop.c clientloop.h ssh.1 ssh.c] add basic control of a running multiplex master connection; including the ability to check its status and request it to exit; ok markus@ + - (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure + option and supporting makefile bits and documentation. 20041105 - (dtucker) OpenBSD CVS Sync @@ -1852,4 +1854,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3580 2004/11/07 09:06:19 dtucker Exp $ +$Id: ChangeLog,v 1.3581 2004/11/07 09:14:34 dtucker Exp $ diff --git a/INSTALL b/INSTALL index dae1bb159..26d62976b 100644 --- a/INSTALL +++ b/INSTALL @@ -52,6 +52,14 @@ http://www.lothar.com/tech/crypto/ S/Key Libraries: http://www.sparc.spb.su/solaris/skey/ +LibEdit: + +sftp now supports command-line editing via NetBSD's libedit. If your +platform has it available natively you can use that, alternatively +you might try these multi-platform ports: +http://www.thrysoee.dk/editline/ +http://sourceforge.net/projects/libedit/ + If you wish to use --with-skey then you will need the above library installed. No other current S/Key library is currently known to be supported. @@ -200,4 +208,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.64 2004/05/26 23:59:31 dtucker Exp $ +$Id: INSTALL,v 1.65 2004/11/07 09:14:34 dtucker Exp $ diff --git a/Makefile.in b/Makefile.in index db9eb34ab..940e686b0 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.265 2004/08/30 11:33:02 dtucker Exp $ +# $Id: Makefile.in,v 1.266 2004/11/07 09:14:34 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -43,6 +43,7 @@ LD=@LD@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ LIBS=@LIBS@ +LIBEDIT=@LIBEDIT@ LIBPAM=@LIBPAM@ LIBWRAP=@LIBWRAP@ AR=@AR@ @@ -158,7 +159,7 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o - $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) diff --git a/configure.ac b/configure.ac index b8f970074..f60bbdd27 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.232 2004/11/02 09:30:54 dtucker Exp $ +# $Id: configure.ac,v 1.233 2004/11/07 09:14:34 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -854,6 +854,22 @@ AC_ARG_WITH(tcp-wrappers, ] ) +# Check whether user wants libedit support +LIBEDIT_MSG="no" +AC_ARG_WITH(libedit, + [ --with-libedit[[=PATH]] Enable libedit support for sftp], + [ if test "x$withval" != "xno" ; then + AC_CHECK_LIB(edit, el_init, + [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp]) + LIBEDIT="-ledit -lcurses" + LIBEDIT_MSG="yes" + AC_SUBST(LIBEDIT) + ], + [], [-lcurses] + ) + fi ] +) + dnl Checks for library functions. Please keep in alphabetical order AC_CHECK_FUNCS(\ arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \ @@ -3046,6 +3062,7 @@ echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" echo " TCP Wrappers support: $TCPW_MSG" echo " MD5 password support: $MD5_MSG" +echo " libedit support: $LIBEDIT_MSG" echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " BSD Auth support: $BSD_AUTH_MSG" -- cgit v1.2.3 From 72c025d9f0f494d6816f045819b9be05fc915730 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 18 Jan 2005 12:05:18 +1100 Subject: - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement "make survey" and "make send-survey". This will provide data on the configure parameters, platform and platform features to the development team, which will allow (among other things) better targetting of testing. It's entirely voluntary and is off be default. ok djm@ --- .cvsignore | 2 ++ ChangeLog | 9 +++++++- INSTALL | 17 +++++++++++++-- Makefile.in | 15 +++++++++++--- configure.ac | 5 +++-- survey.sh.in | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 107 insertions(+), 8 deletions(-) create mode 100644 survey.sh.in (limited to 'Makefile.in') diff --git a/.cvsignore b/.cvsignore index e38a50bbd..397691f1b 100644 --- a/.cvsignore +++ b/.cvsignore @@ -23,3 +23,5 @@ buildit.sh buildpkg.sh autom4te.cache ssh-rand-helper +survey.sh +survey diff --git a/ChangeLog b/ChangeLog index 797ff28bf..2cead3c87 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20040118 + - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement + "make survey" and "make send-survey". This will provide data on the + configure parameters, platform and platform features to the development + team, which will allow (among other things) better targetting of testing. + It's entirely voluntary and is off be default. ok djm@ + 20041220 - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading from prngd is enabled at compile time but fails at run time, eg because @@ -1960,4 +1967,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3606 2004/12/20 01:35:42 dtucker Exp $ +$Id: ChangeLog,v 1.3607 2005/01/18 01:05:18 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 26d62976b..4fc3744f3 100644 --- a/INSTALL +++ b/INSTALL @@ -200,7 +200,20 @@ running and has collected some Entropy. For more information on configuration, please refer to the manual pages for sshd, ssh and ssh-agent. -4. Problems? +4. (Optional) Send survey +------------------------- + +$ make survey +[check the contents and make sure there's no sensitive information] +$ make send-survey + +This will send configuration information for the currently configured +host to a survey address. This will help determine which configurations +are actually in use, and what valid combinations of configure options +exist. The raw data is available only to the OpenSSH developers, however +summary data may be published. + +5. Problems? ------------ If you experience problems compiling, installing or running OpenSSH. @@ -208,4 +221,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.65 2004/11/07 09:14:34 dtucker Exp $ +$Id: INSTALL,v 1.66 2005/01/18 01:05:18 dtucker Exp $ diff --git a/Makefile.in b/Makefile.in index 940e686b0..8a1c9f7c0 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.266 2004/11/07 09:14:34 dtucker Exp $ +# $Id: Makefile.in,v 1.267 2005/01/18 01:05:18 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -195,13 +195,13 @@ moduli: clean: regressclean rm -f *.o *.a $(TARGETS) logintest config.cache config.log - rm -f *.out core + rm -f *.out core survey (cd openbsd-compat && $(MAKE) clean) distclean: regressclean rm -f *.o *.a $(TARGETS) logintest config.cache config.log rm -f *.out core opensshd.init - rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds *~ + rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds survey.sh *~ rm -rf autom4te.cache (cd openbsd-compat && $(MAKE) distclean) (cd scard && $(MAKE) distclean) @@ -411,6 +411,15 @@ regressclean: (cd regress && $(MAKE) clean) \ fi +survey: survey.sh ssh + @$(SHELL) ./survey.sh > survey + @echo 'The survey results have been placed in the file "survey" in the' + @echo 'current directory. Please review the file then send with' + @echo '"make send-survey".' + +send-survey: survey + mail portable-survey@mindrot.org &1`" +echo +configinv=`$AWK '/^ \\\$.*configure/' config.log | sed 's/^ \\\$ //g'` +echo "configure-invocation: $configinv" +echo +echo "host: $host" +echo +echo "uname: `uname`" +echo +echo "uname-r: `uname -r`" +echo +echo "uname-m: `uname -m`" +echo +echo "uname-p: `uname -p`" +echo +echo "oslevel: `oslevel 2>/dev/null`" +echo +echo "cc: $CC" +echo +echo "cflags: $CFLAGS" +echo +echo "cppflags: $CPPFLAGS" +echo +echo "ldflags: $LDFLAGS" +echo +echo "libs: $LIBS" +echo +echo "ccver-v: `$CC -v 2>&1`" +echo +echo "ccver-V: `$CC -V 2>&1`" +echo +echo "cppdefines:" +${CPP} -dM - Date: Thu, 3 Feb 2005 00:20:53 +1100 Subject: - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: (first stage) Add audit instrumentation to sshd, currently disabled by default. with suggestions from and djm@ --- ChangeLog | 6 +++++- Makefile.in | 4 ++-- auth.c | 42 +++++++++++++++++++++++++++++++++++++ auth.h | 1 + auth1.c | 12 +++++++++-- auth2.c | 15 ++++++++++++-- loginrec.c | 9 +++++++- monitor.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ monitor.h | 1 + monitor_wrap.c | 30 +++++++++++++++++++++++++++ monitor_wrap.h | 6 ++++++ session.c | 16 +++++++++++++++ sshd.c | 12 +++++++++++ 13 files changed, 211 insertions(+), 8 deletions(-) (limited to 'Makefile.in') diff --git a/ChangeLog b/ChangeLog index 07ae663d7..e2dc30e5a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,10 @@ attempts (currently only for password, kbdint and C/R, only on Linux and HP-UX), based on code from login.c from util-linux. With ashok_kovai at hotmail.com, ok djm@ + - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c + monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: + (first stage) Add audit instrumentation to sshd, currently disabled by + default. with suggestions from and djm@ 20050201 - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some @@ -2068,4 +2072,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3632 2005/02/02 12:30:24 dtucker Exp $ +$Id: ChangeLog,v 1.3633 2005/02/02 13:20:53 dtucker Exp $ diff --git a/Makefile.in b/Makefile.in index 8a1c9f7c0..c6cfef11a 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.267 2005/01/18 01:05:18 dtucker Exp $ +# $Id: Makefile.in,v 1.268 2005/02/02 13:20:53 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -85,7 +85,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \ auth-krb5.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ - loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o + loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 diff --git a/auth.c b/auth.c index b6c00c12b..bbf3a54a4 100644 --- a/auth.c +++ b/auth.c @@ -51,6 +51,7 @@ RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $"); #include "bufaux.h" #include "packet.h" #include "loginrec.h" +#include "monitor_wrap.h" /* import */ extern ServerOptions options; @@ -251,6 +252,44 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) record_failed_login(authctxt->user, get_canonical_hostname(options.use_dns), "ssh"); #endif +#ifdef AUDIT_EVENTS + if (authenticated == 0 && !authctxt->postponed) { + ssh_audit_event_t event; + + debug3("audit failed auth attempt, method %s euid %d", + method, (int)geteuid()); + /* + * Because the auth loop is used in both monitor and slave, + * we must be careful to send each event only once and with + * enough privs to write the event. + */ + event = audit_classify_auth(method); + switch(event) { + case AUTH_FAIL_NONE: + case AUTH_FAIL_PASSWD: + case AUTH_FAIL_KBDINT: + if (geteuid() == 0) + audit_event(event); + break; + case AUTH_FAIL_PUBKEY: + case AUTH_FAIL_HOSTBASED: + case AUTH_FAIL_GSSAPI: + /* + * This is required to handle the case where privsep + * is enabled but it's root logging in, since + * use_privsep won't be cleared until after a + * successful login. + */ + if (geteuid() == 0) + audit_event(event); + else + PRIVSEP(audit_event(event)); + break; + default: + error("unknown authentication audit event %d", event); + } + } +#endif } /* @@ -476,6 +515,9 @@ getpwnamallow(const char *user) record_failed_login(user, get_canonical_hostname(options.use_dns), "ssh"); #endif +#ifdef AUDIT_EVENTS + audit_event(INVALID_USER); +#endif /* AUDIT_EVENTS */ return (NULL); } if (!allowed_user(pw)) diff --git a/auth.h b/auth.h index 6c0089dc7..8d1f93403 100644 --- a/auth.h +++ b/auth.h @@ -130,6 +130,7 @@ int auth_shadow_pwexpired(Authctxt *); #endif #include "auth-pam.h" +#include "audit.h" void remove_kbdint_device(const char *); void disable_forwarding(void); diff --git a/auth1.c b/auth1.c index 2a9d18b9a..aeb5d8cb9 100644 --- a/auth1.c +++ b/auth1.c @@ -247,8 +247,12 @@ do_authloop(Authctxt *authctxt) #else /* Special handling for root */ if (authenticated && authctxt->pw->pw_uid == 0 && - !auth_root_allowed(get_authname(type))) + !auth_root_allowed(get_authname(type))) { authenticated = 0; +# ifdef AUDIT_EVENTS + PRIVSEP(audit_event(LOGIN_ROOT_DENIED)); +# endif + } #endif #ifdef USE_PAM @@ -283,8 +287,12 @@ do_authloop(Authctxt *authctxt) if (authenticated) return; - if (authctxt->failures++ > options.max_authtries) + if (authctxt->failures++ > options.max_authtries) { +#ifdef AUDIT_EVENTS + PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES)); +#endif packet_disconnect(AUTH_FAIL_MSG, authctxt->user); + } packet_start(SSH_SMSG_FAILURE); packet_send(); diff --git a/auth2.c b/auth2.c index 60e261f7f..2727e0ff5 100644 --- a/auth2.c +++ b/auth2.c @@ -166,6 +166,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) #ifdef USE_PAM if (options.use_pam) PRIVSEP(start_pam(authctxt)); +#endif +#ifdef AUDIT_EVENTS + PRIVSEP(audit_event(INVALID_USER)); #endif } setproctitle("%s%s", authctxt->valid ? user : "unknown", @@ -214,8 +217,12 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) /* Special handling for root */ if (authenticated && authctxt->pw->pw_uid == 0 && - !auth_root_allowed(method)) + !auth_root_allowed(method)) { authenticated = 0; +#ifdef AUDIT_EVENTS + PRIVSEP(audit_event(LOGIN_ROOT_DENIED)); +#endif + } #ifdef USE_PAM if (options.use_pam && authenticated) { @@ -255,8 +262,12 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) /* now we can break out */ authctxt->success = 1; } else { - if (authctxt->failures++ > options.max_authtries) + if (authctxt->failures++ > options.max_authtries) { +#ifdef AUDIT_EVENTS + PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES)); +#endif packet_disconnect(AUTH_FAIL_MSG, authctxt->user); + } methods = authmethods_get(); packet_start(SSH2_MSG_USERAUTH_FAILURE); packet_put_cstring(methods); diff --git a/loginrec.c b/loginrec.c index e77318ba3..0fa9bdea7 100644 --- a/loginrec.c +++ b/loginrec.c @@ -154,6 +154,7 @@ #include "atomicio.h" #include "packet.h" #include "canohost.h" +#include "auth.h" #ifdef HAVE_UTIL_H # include @@ -163,7 +164,7 @@ # include #endif -RCSID("$Id: loginrec.c,v 1.63 2005/02/02 12:30:25 dtucker Exp $"); +RCSID("$Id: loginrec.c,v 1.64 2005/02/02 13:20:53 dtucker Exp $"); /** ** prototypes for helper functions in this file @@ -442,6 +443,12 @@ login_write(struct logininfo *li) if (li->type == LTYPE_LOGIN && !sys_auth_record_login(li->username,li->hostname,li->line)) logit("Writing login record failed for %s", li->username); +#endif +#ifdef AUDIT_EVENTS + if (li->type == LTYPE_LOGIN) + audit_session_open(li->line); + else if (li->type == LTYPE_LOGOUT) + audit_session_close(li->line); #endif return (0); } diff --git a/monitor.c b/monitor.c index 00d4a785f..ce7784aa1 100644 --- a/monitor.c +++ b/monitor.c @@ -143,6 +143,11 @@ int mm_answer_gss_userok(int, Buffer *); int mm_answer_gss_checkmic(int, Buffer *); #endif +#ifdef AUDIT_EVENTS +int mm_answer_audit_event(int, Buffer *); +int mm_answer_audit_command(int, Buffer *); +#endif + static Authctxt *authctxt; static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ @@ -186,6 +191,9 @@ struct mon_table mon_dispatch_proto20[] = { {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, #endif +#ifdef AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event}, +#endif #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond}, @@ -211,6 +219,10 @@ struct mon_table mon_dispatch_postauth20[] = { {MONITOR_REQ_PTY, 0, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, +#ifdef AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, +#endif {0, 0, NULL} }; @@ -238,6 +250,9 @@ struct mon_table mon_dispatch_proto15[] = { {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, +#endif +#ifdef AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event}, #endif {0, 0, NULL} }; @@ -246,6 +261,10 @@ struct mon_table mon_dispatch_postauth15[] = { {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, +#ifdef AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, +#endif {0, 0, NULL} }; @@ -609,6 +628,9 @@ mm_answer_pwnamallow(int sock, Buffer *m) if (options.use_pam) monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); #endif +#ifdef AUDIT_EVENTS + monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_EVENT, 1); +#endif return (0); } @@ -1491,6 +1513,49 @@ mm_answer_term(int sock, Buffer *req) exit(res); } +#ifdef AUDIT_EVENTS +/* Report that an audit event occurred */ +int +mm_answer_audit_event(int socket, Buffer *m) +{ + ssh_audit_event_t event; + + debug3("%s entering", __func__); + + event = buffer_get_int(m); + buffer_free(m); + switch(event) { + case AUTH_FAIL_PUBKEY: + case AUTH_FAIL_HOSTBASED: + case AUTH_FAIL_GSSAPI: + case LOGIN_EXCEED_MAXTRIES: + case LOGIN_ROOT_DENIED: + case CONNECTION_CLOSE: + audit_event(event); + break; + default: + fatal("Audit event type %d not permitted", event); + } + + return (0); +} + +int +mm_answer_audit_command(int socket, Buffer *m) +{ + u_int len; + char *cmd; + + debug3("%s entering", __func__); + cmd = buffer_get_string(m, &len); + /* sanity check command, if so how? */ + audit_run_command(cmd); + xfree(cmd); + buffer_free(m); + return (0); +} +#endif /* AUDIT_EVENTS */ + void monitor_apply_keystate(struct monitor *pmonitor) { diff --git a/monitor.h b/monitor.h index 621a4ad18..13ce3e1ca 100644 --- a/monitor.h +++ b/monitor.h @@ -59,6 +59,7 @@ enum monitor_reqtype { MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY, MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND, MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX, + MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND, MONITOR_REQ_TERM }; diff --git a/monitor_wrap.c b/monitor_wrap.c index 23857639b..983b24072 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1103,6 +1103,36 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16]) return (success); } +#ifdef AUDIT_EVENTS +void +mm_audit_event(ssh_audit_event_t event) +{ + Buffer m; + + debug3("%s entering", __func__); + + buffer_init(&m); + buffer_put_int(&m, event); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, &m); + buffer_free(&m); +} + +void +mm_audit_run_command(const char *command) +{ + Buffer m; + + debug3("%s entering command %s", __func__, command); + + buffer_init(&m); + buffer_put_cstring(&m, command); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); + buffer_free(&m); +} +#endif /* AUDIT_EVENTS */ + #ifdef GSSAPI OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid) diff --git a/monitor_wrap.h b/monitor_wrap.h index e5cf5718c..7ed241aa8 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -74,6 +74,12 @@ int mm_sshpam_respond(void *, u_int, char **); void mm_sshpam_free_ctx(void *); #endif +#ifdef AUDIT_EVENTS +#include "audit.h" +void mm_audit_event(ssh_audit_event_t); +void mm_audit_run_command(const char *); +#endif + struct Session; void mm_terminate(void); int mm_pty_allocate(int *, int *, char *, int); diff --git a/session.c b/session.c index 4d7ac9de7..b645144c5 100644 --- a/session.c +++ b/session.c @@ -665,6 +665,18 @@ do_exec(Session *s, const char *command) debug("Forced command '%.900s'", command); } +#ifdef AUDIT_EVENTS + if (command != NULL) + PRIVSEP(audit_run_command(command)); + else if (s->ttyfd == -1) { + char *shell = s->pw->pw_shell; + + if (shell[0] == '\0') /* empty shell means /bin/sh */ + shell =_PATH_BSHELL; + PRIVSEP(audit_run_command(shell)); + } +#endif + #ifdef GSSAPI if (options.gss_authentication) { temporarily_use_uid(s->pw); @@ -2321,6 +2333,10 @@ do_cleanup(Authctxt *authctxt) } #endif +#ifdef AUDIT_EVENTS + PRIVSEP(audit_event(CONNECTION_CLOSE)); +#endif + /* remove agent socket */ auth_sock_cleanup_proc(authctxt->pw); diff --git a/sshd.c b/sshd.c index 23d6962c0..e61870ea5 100644 --- a/sshd.c +++ b/sshd.c @@ -1628,6 +1628,9 @@ main(int ac, char **av) remote_port = get_remote_port(); remote_ip = get_remote_ipaddr(); +#ifdef AUDIT_EVENTS + audit_connection_from(remote_ip, remote_port); +#endif #ifdef LIBWRAP /* Check whether logins are denied from this host. */ if (packet_connection_is_on_socket()) { @@ -1697,6 +1700,10 @@ main(int ac, char **av) } authenticated: +#ifdef AUDIT_EVENTS + audit_event(AUTH_SUCCESS); +#endif + /* * In privilege separation, we fork another child and prepare * file descriptor passing. @@ -2010,5 +2017,10 @@ cleanup_exit(int i) { if (the_authctxt) do_cleanup(the_authctxt); +#ifdef AUDIT_EVENTS + /* done after do_cleanup so it can cancel the PAM auth 'thread' */ + if (!use_privsep || mm_is_monitor()) + audit_event(CONNECTION_ABANDON); +#endif _exit(i); } -- cgit v1.2.3 From d9f88915a2f2e7fe738799122ac288b5b1a13547 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 20 Feb 2005 21:01:48 +1100 Subject: - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure --with-audit=bsm to enable. Patch originally from Sun Microsystems, parts by John R. Jackson. ok djm@ --- ChangeLog | 8 +++++++- LICENCE | 1 + Makefile.in | 5 +++-- README.platform | 17 +++++++++++++---- configure.ac | 39 ++++++++++++++++++++++++++++++++++++++- defines.h | 11 ++++++++++- 6 files changed, 72 insertions(+), 9 deletions(-) (limited to 'Makefile.in') diff --git a/ChangeLog b/ChangeLog index 836cc0dfc..87ae13abe 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20050220 + - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac + defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure + --with-audit=bsm to enable. Patch originally from Sun Microsystems, + parts by John R. Jackson. ok djm@ + 20050216 - (djm) write seed to temporary file and atomically rename into place; ok dtucker@ @@ -2148,4 +2154,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3659 2005/02/16 11:49:31 dtucker Exp $ +$Id: ChangeLog,v 1.3660 2005/02/20 10:01:48 dtucker Exp $ diff --git a/LICENCE b/LICENCE index f9062bd51..ae03eb3a7 100644 --- a/LICENCE +++ b/LICENCE @@ -203,6 +203,7 @@ OpenSSH contains no GPL code. Wayne Schroeder William Jones Darren Tucker + Sun Microsystems * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/Makefile.in b/Makefile.in index c6cfef11a..71036c118 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.268 2005/02/02 13:20:53 dtucker Exp $ +# $Id: Makefile.in,v 1.269 2005/02/20 10:01:49 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -85,7 +85,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \ auth-krb5.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ - loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o + loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ + audit.o audit-bsm.o MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 diff --git a/README.platform b/README.platform index 4e7b84d39..af551de48 100644 --- a/README.platform +++ b/README.platform @@ -32,8 +32,17 @@ openssl-devel, zlib, minres, minires-devel. Solaris ------- -Currently, sshd does not support BSM auditting. This can show up as errors -when editting cron entries via crontab. See. -http://bugzilla.mindrot.org/show_bug.cgi?id=125 +If you enable BSM auditing on Solaris, you need to update audit_event(4) +for praudit(1m) to give sensible output. The following line needs to be +added to /etc/security/audit_event: -$Id: README.platform,v 1.4 2005/02/15 11:44:05 dtucker Exp $ + 32800:AUE_openssh:OpenSSH login:lo + +The BSM audit event range available for third party TCB applications is +32768 - 65535. Event number 32800 has been choosen for AUE_openssh. +There is no official registry of 3rd party event numbers, so if this +number is already in use on your system, you may change it at build time +by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding. + + +$Id: README.platform,v 1.5 2005/02/20 10:01:49 dtucker Exp $ diff --git a/configure.ac b/configure.ac index fe6b002d4..1bf067a2f 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.244 2005/02/16 11:49:31 dtucker Exp $ +# $Id: configure.ac,v 1.245 2005/02/20 10:01:49 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -881,6 +881,37 @@ AC_ARG_WITH(libedit, fi ] ) +AUDIT_MODULE=none +AC_ARG_WITH(audit, + [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)], + [ + AC_MSG_CHECKING(for supported audit module) + case "$withval" in + bsm) + AC_MSG_RESULT(bsm) + AUDIT_MODULE=bsm + dnl Checks for headers, libs and functions + AC_CHECK_HEADERS(bsm/audit.h, [], + [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)]) + AC_CHECK_LIB(bsm, getaudit, [], + [AC_MSG_ERROR(BSM enabled and required library not found)]) + AC_CHECK_FUNCS(getaudit, [], + [AC_MSG_ERROR(BSM enabled and required function not found)]) + # These are optional + AC_CHECK_FUNCS(getaudit_addr gettext) + AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module]) + ;; + debug) + AUDIT_MODULE=debug + AC_MSG_RESULT(debug) + AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module) + ;; + *) + AC_MSG_ERROR([Unknown audit module $withval]) + ;; + esac ] +) + dnl Checks for library functions. Please keep in alphabetical order AC_CHECK_FUNCS(\ arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \ @@ -1846,6 +1877,8 @@ TYPE_SOCKLEN_T AC_CHECK_TYPES(sig_atomic_t,,,[#include ]) +AC_CHECK_TYPES(in_addr_t,,,[#include ]) + AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ AC_TRY_COMPILE( [ @@ -3195,3 +3228,7 @@ if test ! -z "$NO_PEERCHECK" ; then echo "" fi +if test "$AUDIT_MODULE" = "bsm" ; then + echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." + echo "See the Solaris section in README.platform for details." +fi diff --git a/defines.h b/defines.h index 4d59408ad..7758bc37a 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.118 2005/02/02 12:30:25 dtucker Exp $ */ +/* $Id: defines.h,v 1.119 2005/02/20 10:01:49 dtucker Exp $ */ /* Constants */ @@ -288,6 +288,10 @@ struct sockaddr_un { }; #endif /* HAVE_SYS_UN_H */ +#ifndef HAVE_IN_ADDR_T +typedef u_int32_t in_addr_t; +#endif + #if defined(BROKEN_SYS_TERMIO_H) && !defined(_STRUCT_WINSIZE) #define _STRUCT_WINSIZE struct winsize { @@ -530,6 +534,11 @@ struct winsize { # define getpgrp() getpgrp(0) #endif +#ifdef USE_BSM_AUDIT +# define SSH_AUDIT_EVENTS +# define CUSTOM_SSH_AUDIT_EVENTS +#endif + /* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */ #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f) # define OPENSSL_free(x) Free(x) -- cgit v1.2.3 From dc8fc621036147ff43f3fb1e8a1aa0d8026e5208 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 26 Feb 2005 10:12:38 +1100 Subject: - (dtucker) [Makefile.in] Add a install-nosysconf target for installing the binaries without the config files. Primarily useful for packaging. Patch from phil at usc.edu. ok djm@ --- ChangeLog | 5 ++++- Makefile.in | 9 ++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) (limited to 'Makefile.in') diff --git a/ChangeLog b/ChangeLog index b7e3635d6..3fd376c3b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,9 @@ - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}] Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any more. Patch from vinschen at redhat.com. + - (dtucker) [Makefile.in] Add a install-nosysconf target for installing the + binaries without the config files. Primarily useful for packaging. + Patch from phil at usc.edu. ok djm@ 20050224 - (djm) [configure.ac] in_addr_t test needs sys/types.h too @@ -2170,4 +2173,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3665 2005/02/25 23:07:37 dtucker Exp $ +$Id: ChangeLog,v 1.3666 2005/02/25 23:12:38 dtucker Exp $ diff --git a/Makefile.in b/Makefile.in index 71036c118..bca425d36 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.269 2005/02/20 10:01:49 dtucker Exp $ +# $Id: Makefile.in,v 1.270 2005/02/25 23:12:38 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -230,8 +230,9 @@ distprep: catman-do -rm -rf autom4te.cache (cd scard && $(MAKE) -f Makefile.in distprep) -install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files host-key check-config -install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files +install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config +install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf +install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files check-config: -$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config @@ -281,6 +282,8 @@ install-files: scard-install ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 ln -s ./ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 + +install-sysconf: if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \ fi -- cgit v1.2.3